security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

agent: Minor cleanup (mostly for documentation). 

* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
* agent/findkey.c (read_key_file): Ditto.  Change return type to
gpg_error_t.  On es_fessk failure return a correct error code.
(agent_key_from_file): Change var name 'rc' to 'err'.
* agent/pksign.c (agent_pksign_do): Ditto.  Change return type to
gpg_error_t.  Return a valid erro code on malloc failure.
(agent_pksign): Ditto.  Change return type to gpg_error_t.  replace
xmalloc by xtrymalloc.
* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
(do_decryption): Ditto.  Do not init RC.
(merge_lists): Change return type to gpg_error_t.
(agent_unprotect): Ditto.
(agent_get_shadow_info): Ditto.
--

While code starring for bug 3266 I found two glitches and also changed
var name for easier reading.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-07-28 10:37:33 +02:00
parent 6502bb0d2a
commit 5516ef47a2
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 173 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
agent/agent.h
View File

@ -450,14 +450,14 @@ void agent_store_cache_hit (const char *key);
/*-- pksign.c --*/
int agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
const char *desc_text,
gcry_sexp_t *signature_sexp,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
const void *overridedata, size_t overridedatalen);
int agent_pksign (ctrl_t ctrl, const char *cache_nonce,
const char *desc_text,
membuf_t *outbuf, cache_mode_t cache_mode);
gpg_error_t agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
const char *desc_text,
gcry_sexp_t *signature_sexp,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
const void *overridedata, size_t overridedatalen);
gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce,
const char *desc_text,
membuf_t *outbuf, cache_mode_t cache_mode);
/*-- pkdecrypt.c --*/
int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
@ -482,7 +482,7 @@ unsigned char get_standard_s2k_count_rfc4880 (void);
int agent_protect (const unsigned char *plainkey, const char *passphrase,
unsigned char **result, size_t *resultlen,
unsigned long s2k_count, int use_ocb);
int agent_unprotect (ctrl_t ctrl,
gpg_error_t agent_unprotect (ctrl_t ctrl,
const unsigned char *protectedkey, const char *passphrase,
gnupg_isotime_t protected_at,
unsigned char **result, size_t *resultlen);
@ -491,8 +491,8 @@ unsigned char *make_shadow_info (const char *serialno, const char *idstring);
int agent_shadow_key (const unsigned char *pubkey,
const unsigned char *shadow_info,
unsigned char **result);
int agent_get_shadow_info (const unsigned char *shadowkey,
unsigned char const **shadow_info);
gpg_error_t agent_get_shadow_info (const unsigned char *shadowkey,
unsigned char const **shadow_info);
gpg_error_t parse_shadow_info (const unsigned char *shadow_info,
char **r_hexsn, char **r_idstr, int *r_pinlen);
gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,

12
agent/command.c
View File

@ -782,7 +782,7 @@ static const char hlp_pksign[] =
static gpg_error_t
cmd_pksign (assuan_context_t ctx, char *line)
{
int rc;
gpg_error_t err;
cache_mode_t cache_mode = CACHE_MODE_NORMAL;
ctrl_t ctrl = assuan_get_pointer (ctx);
membuf_t outbuf;
@ -804,17 +804,17 @@ cmd_pksign (assuan_context_t ctx, char *line)
init_membuf (&outbuf, 512);
rc = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc,
&outbuf, cache_mode);
if (rc)
err = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc,
&outbuf, cache_mode);
if (err)
clear_outbuf (&outbuf);
else
rc = write_and_clear_outbuf (ctx, &outbuf);
err = write_and_clear_outbuf (ctx, &outbuf);
xfree (cache_nonce);
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
return leave_cmd (ctx, rc);
return leave_cmd (ctx, err);
}

132
agent/findkey.c
View File

@ -488,7 +488,7 @@ agent_modify_description (const char *in, const char *comment,
passphrase (entered or from the cache) is stored there; if not NULL
will be stored. The caller needs to free the returned
passphrase. */
static int
static gpg_error_t
unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
unsigned char **keybuf, const unsigned char *grip,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
@ -690,7 +690,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
static gpg_error_t
read_key_file (const unsigned char *grip, gcry_sexp_t *result)
{
int rc;
gpg_error_t err;
char *fname;
estream_t fp;
struct stat st;
@ -710,30 +710,30 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result)
fp = es_fopen (fname, "rb");
if (!fp)
{
rc = gpg_error_from_syserror ();
if (gpg_err_code (rc) != GPG_ERR_ENOENT)
log_error ("can't open '%s': %s\n", fname, strerror (errno));
err = gpg_error_from_syserror ();
if (gpg_err_code (err) != GPG_ERR_ENOENT)
log_error ("can't open '%s': %s\n", fname, gpg_strerror (err));
xfree (fname);
return rc;
return err;
}
if (es_fread (&first, 1, 1, fp) != 1)
{
rc = gpg_error_from_syserror ();
err = gpg_error_from_syserror ();
log_error ("error reading first byte from '%s': %s\n",
fname, strerror (errno));
fname, gpg_strerror (err));
xfree (fname);
es_fclose (fp);
return rc;
return err;
}
rc = es_fseek (fp, 0, SEEK_SET);
if (rc)
if (es_fseek (fp, 0, SEEK_SET))
{
log_error ("error seeking in '%s': %s\n", fname, strerror (errno));
err = gpg_error_from_syserror ();
log_error ("error seeking in '%s': %s\n", fname, gpg_strerror (err));
xfree (fname);
es_fclose (fp);
return rc;
return err;
}
if (first != '(')
@ -742,69 +742,69 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result)
nvc_t pk;
int line;
rc = nvc_parse_private_key (&pk, &line, fp);
err = nvc_parse_private_key (&pk, &line, fp);
es_fclose (fp);
if (rc)
if (err)
log_error ("error parsing '%s' line %d: %s\n",
fname, line, gpg_strerror (rc));
fname, line, gpg_strerror (err));
else
{
rc = nvc_get_private_key (pk, result);
err = nvc_get_private_key (pk, result);
nvc_release (pk);
if (rc)
if (err)
log_error ("error getting private key from '%s': %s\n",
fname, gpg_strerror (rc));
fname, gpg_strerror (err));
}
xfree (fname);
return rc;
return err;
}
if (fstat (es_fileno (fp), &st))
{
rc = gpg_error_from_syserror ();
log_error ("can't stat '%s': %s\n", fname, strerror (errno));
err = gpg_error_from_syserror ();
log_error ("can't stat '%s': %s\n", fname, gpg_strerror (err));
xfree (fname);
es_fclose (fp);
return rc;
return err;
}
buflen = st.st_size;
buf = xtrymalloc (buflen+1);
if (!buf)
{
rc = gpg_error_from_syserror ();
err = gpg_error_from_syserror ();
log_error ("error allocating %zu bytes for '%s': %s\n",
buflen, fname, strerror (errno));
buflen, fname, gpg_strerror (err));
xfree (fname);
es_fclose (fp);
xfree (buf);
return rc;
return err;
}
if (es_fread (buf, buflen, 1, fp) != 1)
{
rc = gpg_error_from_syserror ();
err = gpg_error_from_syserror ();
log_error ("error reading %zu bytes from '%s': %s\n",
buflen, fname, strerror (errno));
buflen, fname, gpg_strerror (err));
xfree (fname);
es_fclose (fp);
xfree (buf);
return rc;
return err;
}
/* Convert the file into a gcrypt S-expression object. */
rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
err = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
xfree (fname);
es_fclose (fp);
xfree (buf);
if (rc)
if (err)
{
log_error ("failed to build S-Exp (off=%u): %s\n",
(unsigned int)erroff, gpg_strerror (rc));
return rc;
(unsigned int)erroff, gpg_strerror (err));
return err;
}
*result = s_skey;
return 0;
@ -852,7 +852,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
gcry_sexp_t *result, char **r_passphrase)
{
int rc;
gpg_error_t err;
unsigned char *buf;
size_t len, buflen, erroff;
gcry_sexp_t s_skey;
@ -863,20 +863,20 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
if (r_passphrase)
*r_passphrase = NULL;
rc = read_key_file (grip, &s_skey);
if (rc)
err = read_key_file (grip, &s_skey);
if (err)
{
if (gpg_err_code (rc) == GPG_ERR_ENOENT)
rc = gpg_error (GPG_ERR_NO_SECKEY);
return rc;
if (gpg_err_code (err) == GPG_ERR_ENOENT)
err = gpg_error (GPG_ERR_NO_SECKEY);
return err;
}
/* For use with the protection functions we also need the key as an
canonical encoded S-expression in a buffer. Create this buffer
now. */
rc = make_canon_sexp (s_skey, &buf, &len);
if (rc)
return rc;
err = make_canon_sexp (s_skey, &buf, &len);
if (err)
return err;
switch (agent_private_key_type (buf))
{
@ -887,10 +887,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
unsigned char *buf_new;
size_t buf_newlen;
rc = agent_unprotect (ctrl, buf, "", NULL, &buf_new, &buf_newlen);
if (rc)
err = agent_unprotect (ctrl, buf, "", NULL, &buf_new, &buf_newlen);
if (err)
log_error ("failed to convert unprotected openpgp key: %s\n",
gpg_strerror (rc));
gpg_strerror (err));
else
{
xfree (buf);
@ -917,17 +917,17 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
desc_text_final = NULL;
if (desc_text)
rc = agent_modify_description (desc_text, comment, s_skey,
&desc_text_final);
err = agent_modify_description (desc_text, comment, s_skey,
&desc_text_final);
gcry_free (comment);
if (!rc)
if (!err)
{
rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
err = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip,
cache_mode, lookup_ttl, r_passphrase);
if (rc)
if (err)
log_error ("failed to unprotect the secret key: %s\n",
gpg_strerror (rc));
gpg_strerror (err));
}
xfree (desc_text_final);
@ -939,34 +939,34 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
const unsigned char *s;
size_t n;
rc = agent_get_shadow_info (buf, &s);
if (!rc)
err = agent_get_shadow_info (buf, &s);
if (!err)
{
n = gcry_sexp_canon_len (s, 0, NULL,NULL);
assert (n);
log_assert (n);
*shadow_info = xtrymalloc (n);
if (!*shadow_info)
rc = out_of_core ();
err = out_of_core ();
else
{
memcpy (*shadow_info, s, n);
rc = 0;
err = 0;
}
}
if (rc)
log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc));
if (err)
log_error ("get_shadow_info failed: %s\n", gpg_strerror (err));
}
else
rc = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
err = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
break;
default:
log_error ("invalid private key format\n");
rc = gpg_error (GPG_ERR_BAD_SECKEY);
err = gpg_error (GPG_ERR_BAD_SECKEY);
break;
}
gcry_sexp_release (s_skey);
s_skey = NULL;
if (rc)
if (err)
{
xfree (buf);
if (r_passphrase)
@ -974,23 +974,23 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
xfree (*r_passphrase);
*r_passphrase = NULL;
}
return rc;
return err;
}
buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
err = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen);
wipememory (buf, buflen);
xfree (buf);
if (rc)
if (err)
{
log_error ("failed to build S-Exp (off=%u): %s\n",
(unsigned int)erroff, gpg_strerror (rc));
(unsigned int)erroff, gpg_strerror (err));
if (r_passphrase)
{
xfree (*r_passphrase);
*r_passphrase = NULL;
}
return rc;
return err;
}
*result = s_skey;

155
agent/pksign.c
View File

@ -271,26 +271,26 @@ do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits,
/* SIGN whatever information we have accumulated in CTRL and return
the signature S-expression. LOOKUP is an optional function to
provide a way for lower layers to ask for the caching TTL. If a
CACHE_NONCE is given that cache item is first tried to get a
passphrase. If OVERRIDEDATA is not NULL, OVERRIDEDATALEN bytes
from this buffer are used instead of the data in CTRL. The
override feature is required to allow the use of Ed25519 with ssh
because Ed25519 does the hashing itself. */
int
* the signature S-expression. LOOKUP is an optional function to
* provide a way for lower layers to ask for the caching TTL. If a
* CACHE_NONCE is given that cache item is first tried to get a
* passphrase. If OVERRIDEDATA is not NULL, OVERRIDEDATALEN bytes
* from this buffer are used instead of the data in CTRL. The
* override feature is required to allow the use of Ed25519 with ssh
* because Ed25519 does the hashing itself. */
gpg_error_t
agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
const char *desc_text,
gcry_sexp_t *signature_sexp,
cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
const void *overridedata, size_t overridedatalen)
{
gpg_error_t err = 0;
gcry_sexp_t s_skey = NULL;
gcry_sexp_t s_sig = NULL;
gcry_sexp_t s_hash = NULL;
gcry_sexp_t s_pkey = NULL;
unsigned char *shadow_info = NULL;
unsigned int rc = 0; /* FIXME: gpg-error? */
const unsigned char *data;
int datalen;
int check_signature = 0;
@ -309,12 +309,12 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
if (!ctrl->have_keygrip)
return gpg_error (GPG_ERR_NO_SECKEY);
rc = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
&shadow_info, cache_mode, lookup_ttl,
&s_skey, NULL);
if (rc)
err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip,
&shadow_info, cache_mode, lookup_ttl,
&s_skey, NULL);
if (err)
{
if (gpg_err_code (rc) != GPG_ERR_NO_SECKEY)
if (gpg_err_code (err) != GPG_ERR_NO_SECKEY)
log_error ("failed to read the secret key\n");
goto leave;
}
@ -329,8 +329,8 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
int is_ECDSA = 0;
int is_EdDSA = 0;
rc = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey);
if (rc)
err = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey);
if (err)
{
log_error ("failed to read the public key\n");
goto leave;
@ -353,15 +353,15 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
if (desc_text)
agent_modify_description (desc_text, NULL, s_skey, &desc2);
rc = divert_pksign (ctrl, desc2? desc2 : desc_text,
data, datalen,
ctrl->digest.algo,
shadow_info, &buf, &len);
err = divert_pksign (ctrl, desc2? desc2 : desc_text,
data, datalen,
ctrl->digest.algo,
shadow_info, &buf, &len);
xfree (desc2);
}
if (rc)
if (err)
{
log_error ("smartcard signing failed: %s\n", gpg_strerror (rc));
log_error ("smartcard signing failed: %s\n", gpg_strerror (err));
goto leave;
}
@ -379,13 +379,13 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
*buf = 0;
}
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%b)))",
(int)len, buf);
err = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%b)))",
(int)len, buf);
}
else if (is_EdDSA)
{
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(eddsa(r%b)(s%b)))",
(int)len/2, buf, (int)len/2, buf + len/2);
err = gcry_sexp_build (&s_sig, NULL, "(sig-val(eddsa(r%b)(s%b)))",
(int)len/2, buf, (int)len/2, buf + len/2);
}
else if (is_ECDSA)
{
@ -401,7 +401,10 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
r_buflen++;
r_buf_allocated = xtrymalloc (r_buflen);
if (!r_buf_allocated)
goto leave;
{
err = gpg_error_from_syserror ();
goto leave;
}
r_buf = r_buf_allocated;
memcpy (r_buf + 1, buf, len/2);
@ -416,6 +419,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
s_buf_allocated = xtrymalloc (s_buflen);
if (!s_buf_allocated)
{
err = gpg_error_from_syserror ();
xfree (r_buf_allocated);
goto leave;
}
@ -427,20 +431,20 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
else
s_buf = buf + len/2;
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(ecdsa(r%b)(s%b)))",
r_buflen, r_buf,
s_buflen, s_buf);
err = gcry_sexp_build (&s_sig, NULL, "(sig-val(ecdsa(r%b)(s%b)))",
r_buflen, r_buf,
s_buflen, s_buf);
xfree (r_buf_allocated);
xfree (s_buf_allocated);
}
else
rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
xfree (buf);
if (rc)
if (err)
{
log_error ("failed to convert sigbuf returned by divert_pksign "
"into S-Exp: %s", gpg_strerror (rc));
"into S-Exp: %s", gpg_strerror (err));
goto leave;
}
}
@ -451,27 +455,29 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
/* Put the hash into a sexp */
if (agent_is_eddsa_key (s_skey))
rc = do_encode_eddsa (data, datalen,
&s_hash);
err = do_encode_eddsa (data, datalen,
&s_hash);
else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
rc = do_encode_raw_pkcs1 (data, datalen,
gcry_pk_get_nbits (s_skey),
&s_hash);
err = do_encode_raw_pkcs1 (data, datalen,
gcry_pk_get_nbits (s_skey),
&s_hash);
else if ( (dsaalgo = agent_is_dsa_key (s_skey)) )
rc = do_encode_dsa (data, datalen,
dsaalgo, s_skey,
&s_hash);
err = do_encode_dsa (data, datalen,
dsaalgo, s_skey,
&s_hash);
else
rc = do_encode_md (data, datalen,
ctrl->digest.algo,
&s_hash,
ctrl->digest.raw_value);
if (rc)
err = do_encode_md (data, datalen,
ctrl->digest.algo,
&s_hash,
ctrl->digest.raw_value);
if (err)
goto leave;
if (dsaalgo == 0 && GCRYPT_VERSION_NUMBER < 0x010700)
/* It's RSA and Libgcrypt < 1.7 */
check_signature = 1;
{
/* It's RSA and Libgcrypt < 1.7 */
check_signature = 1;
}
if (DBG_CRYPTO)
{
@ -480,10 +486,10 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
}
/* sign */
rc = gcry_pk_sign (&s_sig, s_hash, s_skey);
if (rc)
err = gcry_pk_sign (&s_sig, s_hash, s_skey);
if (err)
{
log_error ("signing failed: %s\n", gpg_strerror (rc));
log_error ("signing failed: %s\n", gpg_strerror (err));
goto leave;
}
@ -502,20 +508,20 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
if (s_hash == NULL)
{
if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
rc = do_encode_raw_pkcs1 (data, datalen,
gcry_pk_get_nbits (sexp_key), &s_hash);
err = do_encode_raw_pkcs1 (data, datalen,
gcry_pk_get_nbits (sexp_key), &s_hash);
else
rc = do_encode_md (data, datalen, ctrl->digest.algo, &s_hash,
ctrl->digest.raw_value);
err = do_encode_md (data, datalen, ctrl->digest.algo, &s_hash,
ctrl->digest.raw_value);
}
if (! rc)
rc = gcry_pk_verify (s_sig, s_hash, sexp_key);
if (!err)
err = gcry_pk_verify (s_sig, s_hash, sexp_key);
if (rc)
if (err)
{
log_error (_("checking created signature failed: %s\n"),
gpg_strerror (rc));
gpg_strerror (err));
gcry_sexp_release (s_sig);
s_sig = NULL;
}
@ -530,37 +536,42 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
gcry_sexp_release (s_hash);
xfree (shadow_info);
return rc;
return err;
}
/* SIGN whatever information we have accumulated in CTRL and write it
back to OUTFP. If a CACHE_NONCE is given that cache item is first
tried to get a passphrase. */
int
* back to OUTFP. If a CACHE_NONCE is given that cache item is first
* tried to get a passphrase. */
gpg_error_t
agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
membuf_t *outbuf, cache_mode_t cache_mode)
{
gpg_error_t err;
gcry_sexp_t s_sig = NULL;
char *buf = NULL;
size_t len = 0;
int rc = 0;
rc = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode, NULL,
NULL, 0);
if (rc)
err = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode,
NULL, NULL, 0);
if (err)
goto leave;
len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len);
buf = xmalloc (len);
log_assert (len);
buf = xtrymalloc (len);
if (!buf)
{
err = gpg_error_from_syserror ();
goto leave;
}
len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
log_assert (len);
put_membuf (outbuf, buf, len);
leave:
gcry_sexp_release (s_sig);
xfree (buf);
return rc;
return err;
}

13
agent/protect.c
View File

@ -238,7 +238,7 @@ get_standard_s2k_count_rfc4880 (void)
/* Calculate the MIC for a private key or shared secret S-expression.
SHA1HASH should point to a 20 byte buffer. This function is
suitable for all algorithms. */
static int
static gpg_error_t
calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
{
const unsigned char *hash_begin, *hash_end;
@ -728,7 +728,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
/* Do the actual decryption and check the return list for consistency. */
static int
static gpg_error_t
do_decryption (const unsigned char *aad_begin, size_t aad_len,
const unsigned char *aadhole_begin, size_t aadhole_len,
const unsigned char *protected, size_t protectedlen,
@ -738,7 +738,7 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
int prot_cipher, int prot_cipher_keylen, int is_ocb,
unsigned char **result)
{
int rc = 0;
int rc;
int blklen;
gcry_cipher_hd_t hd;
unsigned char *outbuf;
@ -858,7 +858,7 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
* CUTOFF and CUTLEN will receive the offset and the length of the
* resulting list which should go into the MIC calculation but then be
* removed. */
static int
static gpg_error_t
merge_lists (const unsigned char *protectedkey,
size_t replacepos,
const unsigned char *cleartext,
@ -1011,7 +1011,7 @@ merge_lists (const unsigned char *protectedkey,
/* Unprotect the key encoded in canonical format. We assume a valid
S-Exp here. If a protected-at item is available, its value will
be stored at protected_at unless this is NULL. */
int
gpg_error_t
agent_unprotect (ctrl_t ctrl,
const unsigned char *protectedkey, const char *passphrase,
gnupg_isotime_t protected_at,
@ -1291,6 +1291,7 @@ agent_unprotect (ctrl_t ctrl,
return 0;
}
/* Check the type of the private key, this is one of the constants:
PRIVATE_KEY_UNKNOWN if we can't figure out the type (this is the
value 0), PRIVATE_KEY_CLEAR for an unprotected private key.
@ -1549,7 +1550,7 @@ agent_shadow_key (const unsigned char *pubkey,
/* Parse a canonical encoded shadowed key and return a pointer to the
inner list with the shadow_info */
int
gpg_error_t
agent_get_shadow_info (const unsigned char *shadowkey,
unsigned char const **shadow_info)
{